diff --git a/lib/default.nix b/lib/default.nix
index 65edd68..37c59d9 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -109,7 +109,7 @@ rec {
 matchConfig.Name = iface;
 address = [ "${a.ipv4.address}/${toString a.ipv4.mask}" ] ++
- (optional (a.ipv6.iid == null) "${a.ipv6.address}/${toString a.ipv6.mask}");
+ (optional (a.ipv6.address != null && a.ipv6.iid == null) "${a.ipv6.address}/${toString a.ipv6.mask}");
 gateway = (optional (a.ipv4.gateway != null) a.ipv4.gateway) ++ (optional (a.ipv6.gateway != null) a.ipv6.gateway);
@@ -223,6 +223,7 @@ rec {
 v4 = "${start.all.v4}3.";
 v6 = "${start.all.v6}3::";
 };
+ vip1 = "94.142.241.22";
 };
 prefixes = {
 all = {
@@ -242,6 +243,7 @@ rec {
 v4 = "${start.oci.v4}0/24";
 v6 = "${start.oci.v6}/64";
 };
+ vip1 = "${start.vip1}4/30";
 };
 };
 sshKeyFiles = {
diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix
index ac14881..f6b0228 100644
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@@ -7,10 +7,20 @@
 home-manager = "mine-stable";
 assignments = {
+ routing = {
+ name = "colony-routing";
+ domain = lib.my.colony.domain;
+ ipv4.address = "${lib.my.colony.start.base.v4}2";
+ };
 internal = {
 altNames = [ "vm" ];
 domain = lib.my.colony.domain;
- ipv4.address = "${lib.my.colony.start.base.v4}2";
+ ipv4 = {
+ address = "${lib.my.colony.start.vip1}4";
+ mask = 32;
+ gateway = null;
+ genPTR = false;
+ };
 ipv6 = {
 iid = "::2";
 address = "${lib.my.colony.start.base.v6}2";
@@ -145,7 +155,10 @@
 };
 networks = {
- "80-base" = networkdAssignment "base" assignments.internal;
+ "80-base" = mkMerge [
+ (networkdAssignment "base" assignments.routing)
+ (networkdAssignment "base" assignments.internal)
+ ];
 "80-base-dummy" = {
 matchConfig.Name = "base0";
 networkConfig.Bridge = "base";
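Review bot: `start.vip1` is the only `start.*` value that ends mid-octet ("94.142.241.22"), so `"${start.vip1}4/30"` in the @@ -242 hunk and the `"${lib.my.colony.start.vip1}4"`/`5`/`6` assignments in the colony, shill and whale2 hunks only read as .224/30 and .224–.226 after mentally appending the digit, whereas every other `start` entry ends in a `.` or `::` separator. A comment next to the definition, `# partial last octet: "${start.vip1}N" yields 94.142.241.22N; the VIP prefix is .224/30`, would make the convention break visible, or the VIP hosts could be written as complete addresses. Note also that .224 is the network address of the .224/30 prefix; with `mask = 32` on the hosts that is presumably fine, but it belongs in the same comment so nobody later "fixes" it.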
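Review bot: The VIP `internal` block (`ipv4 = { address = "${lib.my.colony.start.vip1}N"; mask = 32; gateway = null; genPTR = false; }`) and the companion `routing` block are repeated almost verbatim in the shill and whale2 assignment hunks, with only the host digit and the names differing; a small lib helper returning both attrsets from a name and a digit would keep the three hosts from drifting, particularly on `genPTR = false` and `gateway = null`, which the DNS and networkd generators touched by this change depend on. The new `routing` assignment has no `ipv6` block, so its `ipv6.address` is null; that is what the `nullOr str` change in nixos/default.nix and the null guards in lib/default.nix and dns.nix exist for, and a one-line comment on `routing`, `# IPv4-only: the on-link address peers use as next hop; IPv6 stays on internal`, would record it. The enclosing `assignments` attrset continues outside the hunk.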
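Review bot: Merging two `networkdAssignment "base" ...` results with `mkMerge` relies on every option both calls set being list-typed (`address` and `gateway` are, per the lib/default.nix hunk) or identical (`matchConfig.Name`); if `networkdAssignment` also derives a scalar option such as a `networkConfig.*` flag from the assignment — not visible here — the module system will report a conflict wherever `routing` (no IPv6) and `internal` (`gateway = null`) disagree. A short comment, `# routing supplies the on-link .2 address used as next hop by peers; internal adds the /32 VIP`, would explain why one interface now carries two assignments. The same construct appears in the shill and whale2 network hunks.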
@@ -173,21 +186,29 @@
 ];
 routes = map (r: { routeConfig = r; }) [
 {
- Gateway = allAssignments.shill.internal.ipv4.address;
 Destination = lib.my.colony.prefixes.ctrs.v4;
+ Gateway = allAssignments.shill.routing.ipv4.address;
 }
 {
- Gateway = allAssignments.shill.internal.ipv6.address;
 Destination = lib.my.colony.prefixes.ctrs.v6;
+ Gateway = allAssignments.shill.internal.ipv6.address;
+ }
+ {
+ Destination = allAssignments.shill.internal.ipv4.address;
+ Gateway = allAssignments.shill.routing.ipv4.address;
 }
 {
- Gateway = allAssignments.whale2.internal.ipv4.address;
 Destination = lib.my.colony.prefixes.oci.v4;
+ Gateway = allAssignments.whale2.routing.ipv4.address;
 }
 {
- Gateway = allAssignments.whale2.internal.ipv6.address;
 Destination = lib.my.colony.prefixes.oci.v6;
+ Gateway = allAssignments.whale2.internal.ipv6.address;
+ }
+ {
+ Destination = allAssignments.whale2.internal.ipv4.address;
+ Gateway = allAssignments.whale2.routing.ipv4.address;
 }
 ];
 }
diff --git a/nixos/boxes/colony/vms/estuary/bgp.nix b/nixos/boxes/colony/vms/estuary/bgp.nix
index c3109be..baaa804 100644
--- a/nixos/boxes/colony/vms/estuary/bgp.nix
+++ b/nixos/boxes/colony/vms/estuary/bgp.nix
@@ -13,8 +13,12 @@ in
 # TODO: Clean up and modularise
 config = ''
 define OWNAS = 211024;
+
+ define CCVIP1 = ${lib.my.colony.prefixes.vip1};
+
 define OWNIP4 = ${assignments.internal.ipv4.address};
 define OWNNETSET4 = [ ${assignments.internal.ipv4.address}/32 ];
+ define CCNETSET4 = [ ${lib.my.colony.prefixes.vip1} ];
 define INTNET6 = ${intnet6};
 define AMSNET6 = ${amsnet6};
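Review bot: The six route entries differ only in the VM (`shill`/`whale2`) and prefix (`ctrs`/`oci`) names, and this commit already had to add one VIP host route per VM by hand; generating the IPv4 prefix route, IPv6 prefix route and VIP host route from a list of pairs keeps them in lock-step for every VM. The new `Destination = allAssignments.shill.internal.ipv4.address` carries no prefix length, so it depends on networkd treating a bare address as a host route; spelling it `"${...}/32"` makes the intent explicit. The surrounding `networks` attrset starts and ends outside the hunk.
```nix
routes = map (r: { routeConfig = r; }) (lib.concatMap ({ vm, net }: let
  a = allAssignments."${vm}";
in [
  # prefix behind the VM: IPv4 next hop is the VM's on-link routing address
  { Destination = lib.my.colony.prefixes."${net}".v4; Gateway = a.routing.ipv4.address; }
  { Destination = lib.my.colony.prefixes."${net}".v6; Gateway = a.internal.ipv6.address; }
  # the VM's own VIP /32 is reached via the same on-link address
  { Destination = "${a.internal.ipv4.address}/32"; Gateway = a.routing.ipv4.address; }
]) [
  { vm = "shill"; net = "ctrs"; }
  { vm = "whale2"; net = "oci"; }
]);
```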
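Review bot: `CCVIP1` and `CCNETSET4` are introduced without a comment saying what they are or why they sit apart from `OWNNETSET4`; the reader has to combine the filter hunk (only `bgp_export_cc` exports `CCNETSET4`) and the peer hunk (`bgp_export_cc` is attached to the `coloclue` IPv4 sessions) to recover the intent. A line such as `# VIP prefix we route internally but announce only to the ColoClue peers (see bgp_export_cc)` above `define CCVIP1` would do, and the `# TODO: Clean up and modularise` just above is a hint that this string is already hard to follow. Both defines interpolate the same `${lib.my.colony.prefixes.vip1}` value, which is worth noting in the same comment so they are changed together.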
@@ -29,15 +33,14 @@ in
 define PREFIXP = 110;
 define PREFPEER = 120;
- #function should_export6() {
- # return net ~ OWNNETSET6 || (transit && net ~ TRANSSET6);
- #}
-
 filter bgp_import {
- if net !~ OWNNETSET6 then accept; else reject;
+ if net !~ OWNNETSET4 && net !~ OWNNETSET6 then accept; else reject;
 }
 filter bgp_export {
- if net ~ OWNNETSET6 then accept; else reject;
+ if net ~ OWNNETSET4 || net ~ OWNNETSET6 then accept; else reject;
+ }
+ filter bgp_export_cc {
+ if net ~ OWNNETSET4 || net ~ OWNNETSET6 || net ~ CCNETSET4 then accept; else reject;
 }
 router id from "wan";
@@ -48,11 +51,20 @@ in
 ipv4;
 ipv6;
 }
- protocol static {
+ protocol static static4 {
+ route CCVIP1 via "base";
+
+ ipv4 {
+ import all;
+ export none;
+ };
+ }
+ protocol static static6 {
 # Special case: We have to do the routing on behalf of this _internal_ next-hop
 route INTNET6 via "as211024";
 route AMSNET6 via "base";
 route HOMENET6 via DUB1IP6;
+
 ipv6 {
 import all;
 export none;
@@ -161,10 +173,12 @@ in
 protocol bgp upstream4_coloclue_eun2 from upstream_bgp4 {
 description "ColoClue euNetworks 2 (IPv4)";
 neighbor 94.142.240.253 as 8283;
+ ipv4 { export filter bgp_export_cc; };
 }
 protocol bgp upstream4_coloclue_eun3 from upstream_bgp4 {
 description "ColoClue euNetworks 3 (IPv4)";
 neighbor 94.142.240.252 as 8283;
+ ipv4 { export filter bgp_export_cc; };
 }
 protocol bgp upstream6_coloclue_eun2 from upstream_bgp6 {
diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix
index 55fd0ee..a85236e 100644
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
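Review bot: `bgp_import` now rejects `OWNNETSET4` and `OWNNETSET6` but not `CCNETSET4`, so a route for the VIP /30 learned back from a peer would be accepted into the table even though this router originates it in `static4` (the static route presumably still wins on preference, but the stray route would be visible and, through `bgp_export_cc`, exportable); for symmetry with the export side the reject list should cover it, `if net !~ OWNNETSET4 && net !~ OWNNETSET6 && net !~ CCNETSET4 then accept; else reject;`. `bgp_export_cc` also repeats `bgp_export` plus one term, so any future change to the own-prefix rule has to be made twice; a `function should_export()` in the spirit of the removed `should_export6` comment, called from both filters, would remove that duplication. `bgp_export` now additionally announces the single `OWNNETSET4` /32 to every peer that uses it; whether those peers accept a /32 is not visible in this hunk.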
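Review bot: `static4` originates `CCVIP1` `via "base"` without a comment, while the comment that used to head the whole `protocol static` block now describes only `INTNET6` inside `static6`; a line such as `# Originates the VIP /30 for announcement to ColoClue; forwarding into the /30 is the networkd route via colony in estuary/default.nix` above `route CCVIP1 via "base";` would tie the two halves of this change together. This follows the existing `route AMSNET6 via "base";` pattern, so whether the device route ever reaches the kernel depends on the kernel protocol's export filter, which is outside the hunk; if it does, it coexists with the networkd gateway route for the same /30 and which one wins is worth confirming on the host.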
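Review bot: Adding `ipv4 { export filter bgp_export_cc; };` to `upstream4_coloclue_eun2` and `upstream4_coloclue_eun3` relies on BIRD merging this per-protocol channel block with the `upstream_bgp4` template's channel so that the template's import filter is still inherited; the template is outside the hunk, so which import filter it sets cannot be confirmed here. If the channel were instead replaced wholesale, these two sessions would fall back to the default import filter and lose the own-prefix protection in `bgp_import` on exactly the peers that now receive the VIP /30. Writing both directions explicitly, `ipv4 { import filter bgp_import; export filter bgp_export_cc; };`, removes the dependence on template semantics and documents the intent.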
@@ -282,15 +282,20 @@ in
 }
 ];
 routes = map (r: { routeConfig = r; }) (flatten
- ([ ] ++
+ ([
+ {
+ Destination = lib.my.colony.prefixes.vip1;
+ Gateway = allAssignments.colony.routing.ipv4.address;
+ }
+ ] ++
 (map (pName: [
 {
- Gateway = allAssignments.colony.internal.ipv4.address;
+ Gateway = allAssignments.colony.routing.ipv4.address;
 Destination = lib.my.colony.prefixes."${pName}".v4;
 }
 {
- Gateway = allAssignments.colony.internal.ipv6.address;
 Destination = lib.my.colony.prefixes."${pName}".v6;
+ Gateway = allAssignments.colony.internal.ipv6.address;
 }
 ]) [ "vms" "ctrs" "oci" ])));
 }
diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix
index 309ce46..49df046 100644
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -143,11 +143,11 @@ in
 allAssignments))) assignments)));
- genFor = [ "internal" "base" "vms" "ctrs" ];
+ genFor = [ "internal" "base" "vms" "ctrs" "routing" ];
 intRecords = genRecords genFor (a: ''
 ${a.name} IN A ${a.ipv4.address}
- ${a.name} IN AAAA ${a.ipv6.address}
+ ${optionalString (a.ipv6.address != null) "${a.name} IN AAAA ${a.ipv6.address}"}
 ${concatMapStringsSep "\n" (alt: "${alt} IN CNAME ${a.name}") a.altNames}
 '');
 intPtrRecords =
@@ -162,7 +162,7 @@ in
 genFor (a: optionalString
- a.ipv4.genPTR
+ (a.ipv6.address != null && a.ipv6.genPTR)
 ''@@PTR:${a.ipv6.address}:${toString ptrDots6}@@ IN PTR ${a.name}.${config.networking.domain}.'');
 wildcardPtrDef = ''IN LUA PTR "createReverse('ip-%3%-%4%.${config.networking.domain}')"'';
diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix
index 8a0735e..5f22db4 100644
--- a/nixos/boxes/colony/vms/shill/default.nix
+++ b/nixos/boxes/colony/vms/shill/default.nix
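Review bot: The new first entry routes the whole `prefixes.vip1` /30 via `allAssignments.colony.routing.ipv4.address` without saying why colony is the next hop for a prefix whose hosts are spread over colony, shill and whale2 in the assignment hunks; a comment such as `# VIP /30: colony holds .224 itself and has host routes to the shill/whale2 VIPs` would make the hop-by-hop path readable from this file. The IPv6 entries keep `internal.ipv6.address` as gateway because `routing` carries no IPv6 address, which also deserves a one-line note now that the v4 and v6 entries look asymmetric.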
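Review bot: Adding `"routing"` to `genFor` feeds the same list into `intPtrRecords` below, so with `internal` now setting `genPTR = false` the PTR for each on-link address (colony's base .2, for instance) will presumably name `colony-routing` rather than `colony`; the IPv4 PTR generator is not visible in this hunk, but if that outcome is intended a comment on `genFor` saying so would save the next reader a trip through the assignment hunks. The `optionalString` wrapper leaves an empty line in the zone text when an assignment has no IPv6 address, which zone parsers tolerate but is worth knowing when reading the generated file.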
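Review bot: The guard now reads `a.ipv6.genPTR`, but the `ipv6` option block shown in the nixos/default.nix hunk declares only `address`, `mask`, `iid` and `gateway` before it is cut off; if no `ipv6.genPTR` option exists, evaluation fails with a missing attribute for every assignment in `genFor`, so confirm it is declared (the IPv4 block does carry `genPTR = mkBoolOpt' true ...`). The `a.ipv6.address != null` half is needed because `routing` assignments have no IPv6 address and the `"routing"` addition to `genFor` in the previous hunk makes them reach this generator; a comment on the condition, `# routing assignments are IPv4-only`, would explain the extra check. The enclosing `intPtrRecords` expression appears to start before the hunk.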
@@ -6,11 +6,21 @@
 nixpkgs = "mine";
 assignments = {
+ routing = {
+ name = "shill-vm-routing";
+ domain = lib.my.colony.domain;
+ ipv4.address = "${lib.my.colony.start.vms.v4}2";
+ };
 internal = {
 name = "shill-vm";
 altNames = [ "ctr" ];
 domain = lib.my.colony.domain;
- ipv4.address = "${lib.my.colony.start.vms.v4}2";
+ ipv4 = {
+ address = "${lib.my.colony.start.vip1}5";
+ mask = 32;
+ gateway = null;
+ genPTR = false;
+ };
 ipv6 = {
 iid = "::2";
 address = "${lib.my.colony.start.vms.v6}2";
@@ -99,7 +109,10 @@
 };
 networks = {
- "80-vms" = networkdAssignment "vms" assignments.internal;
+ "80-vms" = mkMerge [
+ (networkdAssignment "vms" assignments.routing)
+ (networkdAssignment "vms" assignments.internal)
+ ];
 "80-ctrs" = mkMerge [
 (networkdAssignment "ctrs" assignments.ctrs)
 {
diff --git a/nixos/boxes/colony/vms/whale2/default.nix b/nixos/boxes/colony/vms/whale2/default.nix
index 3ba1e8a..a4379cb 100644
--- a/nixos/boxes/colony/vms/whale2/default.nix
+++ b/nixos/boxes/colony/vms/whale2/default.nix
@@ -8,11 +8,21 @@ in
 nixpkgs = "mine";
 assignments = {
+ routing = {
+ name = "whale-vm-routing";
+ domain = lib.my.colony.domain;
+ ipv4.address = "${lib.my.colony.start.vms.v4}3";
+ };
 internal = {
 name = "whale-vm";
 altNames = [ "oci" ];
 domain = lib.my.colony.domain;
- ipv4.address = "${lib.my.colony.start.vms.v4}3";
+ ipv4 = {
+ address = "${lib.my.colony.start.vip1}6";
+ mask = 32;
+ gateway = null;
+ genPTR = false;
+ };
 ipv6 = {
 iid = "::3";
 address = "${lib.my.colony.start.vms.v6}3";
@@ -144,7 +154,10 @@ in
 };
 networks = {
- "80-vms" = networkdAssignment "vms" assignments.internal;
+ "80-vms" = mkMerge [
+ (networkdAssignment "vms" assignments.routing)
+ (networkdAssignment "vms" assignments.internal)
+ ];
 };
 };
diff --git a/nixos/default.nix b/nixos/default.nix
index 017ef71..719368a 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -107,7 +107,7 @@ let
 genPTR = mkBoolOpt' true "Whether to generate a PTR record.";
 };
 ipv6 = {
- address = mkOpt' str null "IPv6 address.";
+ address = mkOpt' (nullOr str) null "IPv6 address.";
 mask = mkOpt' ints.u8 64 "Network mask.";
 iid = mkOpt' (nullOr str) null "SLAAC static address.";
 gateway = mkOpt' (nullOr str) null "IPv6 gateway.";
@@ -193,7 +193,7 @@ in
 (map (as: map
- (a: [ a.ipv4.address a.ipv6.address ])
+ (a: [ a.ipv4.address ] ++ (optional (a.ipv6.address != null) a.ipv6.address) )
 (attrValues as)) (attrValues allAssignments));
 dupIPs = duplicates assignedIPs;
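Review bot: The description `"IPv6 address."` does not say what `null` means now that the type is `nullOr str`; per the lib/default.nix, dns.nix and duplicate-check hunks in this change, null suppresses the static address, the AAAA and PTR records and the entry in `assignedIPs`, so `"IPv6 address; null marks an IPv4-only assignment (no static address, AAAA or PTR is generated)."` would state the contract at the option instead of leaving it implicit in three consumers. The `mask` default of 64 still applies when `address` is null; it is unused in that case per the lib hunk, which the same sentence could mention.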